fix: operation not permitted with python/amd64 (#8)

* fix: amd64 sometimes operation not permitted

* fix: tests

* fix: tests

* fix: tests

.github/workflows/tests-amd64.yml

@@ -52,6 +52,6 @@ jobs:
         run: pip install httpx requests jinja2
 
       - name: Run Intgeration tests
-        run: sudo go test -v github.com/langgenius/dify-sandbox/tests/integration_tests/...
+        run: sudo go test -timeout 120s -v ./tests/integration_tests/...
         env:
           PYTHON_PATH: /usr/bin/python3.10

.github/workflows/tests-arm64.yml

@@ -50,6 +50,6 @@ jobs:
         run: sudo ln -s "$(which go)" /usr/local/bin/go
 
       - name: Run Intgeration tests
-        run: sudo go test -v github.com/langgenius/dify-sandbox/tests/integration_tests/...
+        run: sudo go test -timeout 120s -v ./tests/integration_tests/...
         env:
           PYTHON_PATH: /usr/bin/python3.10

cmd/test/fuzz_python_amd64/main.go

@@ -50,12 +50,6 @@ func main() {
 		if find_syscall(i, original) == -1 {
 			list[i] = append(list[i], i)
 		}
-
-		// for j := 217; j < 218; j++ {
-		// 	if find_syscall(j, list[i]) == -1 {
-		// 		list[i] = append(list[i], j)
-		// 	}
-		// }
 	}
 
 	lock := sync.Mutex{}

cmd/test/fuzz_python_amd64/test.py

@@ -31,8 +31,9 @@ lib.DifySeccomp(65537, 1001, 1)
 
 # declare main function here
 def main() -> dict:
-    import requests
-    print(requests.get("https://www.google.com").text)
+    return {
+        "message": [1, 2, 3]
+    }
 
 from json import loads, dumps
 from base64 import b64decode

internal/static/python_syscall/syscalls_amd64.go

@@ -27,6 +27,7 @@ var ALLOW_SYSCALLS = []int{
 	syscall.SYS_EXIT, syscall.SYS_EXIT_GROUP,
 	syscall.SYS_TGKILL, syscall.SYS_RT_SIGACTION, syscall.SYS_IOCTL,
 	syscall.SYS_SCHED_YIELD,
+	syscall.SYS_SET_ROBUST_LIST, SYS_RSEQ,
 
 	// time
 	syscall.SYS_CLOCK_GETTIME, syscall.SYS_GETTIMEOFDAY, syscall.SYS_NANOSLEEP,

tests/integration_tests/base.go

@@ -0,0 +1,9 @@
+package integrationtests_test
+
+import "testing"
+
+func runMultipleTestings(t *testing.T, iterations int, testFunc func(*testing.T)) {
+	for i := 0; i < iterations; i++ {
+		testFunc(t)
+	}
+}

tests/integration_tests/nodejs_feature_test.go

@@ -10,41 +10,45 @@ import (
 
 func TestNodejsBase64(t *testing.T) {
 	// Test case for base64
-	resp := service.RunNodeJsCode(`
+	runMultipleTestings(t, 30, func(t *testing.T) {
+		resp := service.RunNodeJsCode(`
 const base64 = Buffer.from("hello world").toString("base64");
 console.log(Buffer.from(base64, "base64").toString());
-	`, "", &types.RunnerOptions{
-		EnableNetwork: true,
+		`, "", &types.RunnerOptions{
+			EnableNetwork: true,
+		})
+		if resp.Code != 0 {
+			t.Fatal(resp)
+		}
+
+		if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, "hello world") {
+			t.Fatalf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
+		}
+
+		if resp.Data.(*service.RunCodeResponse).Stderr != "" {
+			t.Fatalf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
+		}
 	})
-	if resp.Code != 0 {
-		t.Error(resp)
-	}
-
-	if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, "hello world") {
-		t.Errorf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
-	}
-
-	if resp.Data.(*service.RunCodeResponse).Stderr != "" {
-		t.Errorf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
-	}
 }
 
 func TestNodejsJSON(t *testing.T) {
 	// Test case for json
-	resp := service.RunNodeJsCode(`
+	runMultipleTestings(t, 30, func(t *testing.T) {
+		resp := service.RunNodeJsCode(`
 console.log(JSON.stringify({"hello": "world"}));
-	`, "", &types.RunnerOptions{
-		EnableNetwork: true,
+		`, "", &types.RunnerOptions{
+			EnableNetwork: true,
+		})
+		if resp.Code != 0 {
+			t.Error(resp)
+		}
+
+		if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, `{"hello":"world"}`) {
+			t.Fatalf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
+		}
+
+		if resp.Data.(*service.RunCodeResponse).Stderr != "" {
+			t.Fatalf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
+		}
 	})
-	if resp.Code != 0 {
-		t.Error(resp)
-	}
-
-	if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, `{"hello":"world"}`) {
-		t.Errorf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
-	}
-
-	if resp.Data.(*service.RunCodeResponse).Stderr != "" {
-		t.Errorf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
-	}
 }

tests/integration_tests/python_feature_test.go

@@ -10,63 +10,69 @@ import (
 
 func TestPythonBase64(t *testing.T) {
 	// Test case for base64
-	resp := service.RunPython3Code(`
+	runMultipleTestings(t, 50, func(t *testing.T) {
+		resp := service.RunPython3Code(`
 import base64
 print(base64.b64decode(base64.b64encode(b"hello world")).decode())
-	`, "", &types.RunnerOptions{
-		EnableNetwork: true,
-	})
-	if resp.Code != 0 {
-		t.Error(resp)
-	}
+		`, "", &types.RunnerOptions{
+			EnableNetwork: true,
+		})
+		if resp.Code != 0 {
+			t.Fatal(resp)
+		}
 
-	if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, "hello world") {
-		t.Errorf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
-	}
+		if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, "hello world") {
+			t.Fatalf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
+		}
 
-	if resp.Data.(*service.RunCodeResponse).Stderr != "" {
-		t.Errorf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
-	}
+		if resp.Data.(*service.RunCodeResponse).Stderr != "" {
+			t.Fatalf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
+		}
+	})
 }
 
 func TestPythonJSON(t *testing.T) {
-	// Test case for json
-	resp := service.RunPython3Code(`
+	runMultipleTestings(t, 50, func(t *testing.T) {
+		// Test case for json
+		resp := service.RunPython3Code(`
 import json
 print(json.dumps({"hello": "world"}))
-	`, "", &types.RunnerOptions{
-		EnableNetwork: true,
-	})
-	if resp.Code != 0 {
-		t.Error(resp)
-	}
+		`, "", &types.RunnerOptions{
+			EnableNetwork: true,
+		})
+		if resp.Code != 0 {
+			t.Fatal(resp)
+		}
 
-	if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, `{"hello": "world"}`) {
-		t.Errorf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
-	}
+		if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, `{"hello": "world"}`) {
+			t.Fatalf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
+		}
 
-	if resp.Data.(*service.RunCodeResponse).Stderr != "" {
-		t.Errorf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
-	}
+		if resp.Data.(*service.RunCodeResponse).Stderr != "" {
+			t.Fatalf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
+		}
+	})
 }
 
 func TestPythonHttp(t *testing.T) {
 	// Test case for http
-	resp := service.RunPython3Code(`
+	runMultipleTestings(t, 10, func(t *testing.T) {
+		resp := service.RunPython3Code(`
 import requests
 print(requests.get("https://www.bilibili.com").content)
 	`, "", &types.RunnerOptions{
-		EnableNetwork: true,
-	})
-	if resp.Code != 0 {
-		t.Error(resp)
-	}
+			EnableNetwork: true,
+		})
+		if resp.Code != 0 {
+			t.Fatal(resp)
+		}
 
-	if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, "bilibili") {
-		t.Errorf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
-	}
+		if !strings.Contains(resp.Data.(*service.RunCodeResponse).Stdout, "bilibili") {
+			t.Fatalf("unexpected output: %s\n", resp.Data.(*service.RunCodeResponse).Stdout)
+		}
 
-	if resp.Data.(*service.RunCodeResponse).Stderr != "" {
-		t.Errorf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
-	}
+		if resp.Data.(*service.RunCodeResponse).Stderr != "" {
+			t.Fatalf("unexpected error: %s\n", resp.Data.(*service.RunCodeResponse).Stderr)
+		}
+	})
 }